divert(0)
dnl
dnl Original Version
dnl =================
dnl http://quanta.kyunghee.ac.kr/~dacapo/sendmail/rulesets/quanta_spam-killer_REGEX.m4
dnl
dnl Modified/Current Version
dnl ------------------------
dnl http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.m4  ( copy to sendmail-x.y/cf/hack )
dnl
dnl 23-May-02 amo Modified for my sanity - renamed to linux-sec.m4 ( aka header_chk.m4 )
dnl 25-May-02 amo Cleanup of dnl vs # for comments -- adding more error messages
dnl 03-Jun-02 amo Fixed missing _foo message definitions
dnl 15-Jul-02 amo Using check_local-5.1
dnl 20-Jul-02 amo Using check_local-5.3		http://www.digitalanswers.org/check_local
dnl 02-Nov-02 amo using check_local-5.5 and enabled check_sircam, check_xlib, check_xuser
dnl 15-Nov-02 amo Use $ in Msg_master problem
dnl 02-Jan-02 amo Upgraded to sendmail-8.12.7
dnl 04-Mar-03 amo Upgraded to sendmail-8.12.8
dnl 30-Oct-04 amo Upgraded to sendmail-8.13.1
dnl
dnl
dnl VERSIONID(`@(#)quanta_spam-killer_REGEX.m4   v.1 (dacapo) 11/15/2001')
VERSIONID(`http://www.Linux-Sec.net/Mail/etc.mail/linux-sec.m4')

divert(2)

LOCAL_CONFIG

KAD2000check regex -f -aAD2000 ....._NextPart_000_0..._01C0F..A\.93A.....
KGammaDcheck regex -f -aGammaD \-\-\-\-\=_........_........_MA
KKlezCheck regex -f -q -aKlez boundary=[A-Z][a-zA-Z0-9]+$
dnl
dnl
dnl Check these headers
dnl
HSubject: $>check_subject
HContent-Type: $>check_ct
HDate: $>check_date
dnl
HMessage-Id: $>check_msgid
HMessage-ID: $>check_msgid
dnl
dnl
HX-Mailer: $>check_mailer
dnl
HX-MimeOLE: $>check_ole
dnl
HX-Spanska: $>check_happy99
dnl
HX-Reply-To: $>check_all
HX-PMFLAGS: $>check_all
HX-EM-Registration: $>check_all
dnl
HTo: $>check_to
dnl
dnl
dnl
HX-User: $>check_xuser
HContent-Disposition: $>check_sircam
HX-Library: $>check_xlib
HErrors-To: $>check_errto
dnl
dnl
dnl	--
dnl	-- AntiSpam Warning/Error Messages
dnl	--
dnl
D{Msg_master}" Spammer $&{client_addr} $&f rejected by PostMaster@$j"
dnl
dnl
dnl
dnl D{Bad1}"501 ${Msg_master} - Bad AD2000 check"
dnl D{Msg_adv}"501 ${Msg_master} - ADV mail not accepted "
D{Msg_adv}"501 ${Msg_master} - ADV == Spam email rejected == "
dnl
D{Msg_mailer}"553 ${Msg_master} - SPAMWARE detected "
dnl
dnl
dnl
D{Msg_date}"553 ${Msg_master} - Bogus date xformat "
dnl
dnl D{Msg_badto}"553 ${Msg_master} - Bad To recepients"
dnl
dnl D{Msg_toomany}"553 ${Msg_master} - Too many recepients"
dnl
dnl
dnl xx D{Msg_header}"553 ${Msg_master} - Bogus header"
dnl
dnl
D{Msg_mime}"553 ${Msg_master} - we dont read MIME "
dnl
dnl
dnl -----------------------------------------------------------------------------------------------
dnl Example Errors Messages .. tailor them to suit your preferences and laws of your jurisdiction
dnl -----------------------------------------------------------------------------------------------
dnl
dnl
dnl
D{Msg_korean}"553 ${Msg_master} - korean jibberish "
D{Msg_big5}"553 ${Msg_master} - chinese jibberish "
dnl
dnl D{Msg_french}"553 ${Msg_master} - french jibberish "
D{Msg_spanish}"553 ${Msg_master} - spanish jibberish "
dnl
dnl
D{Msg_html}"553 ${Msg_master} - we dont accept html jibberish "
dnl
dnl
D{Msg_virus}"553 ${Msg_master} - Your spam has "
dnl
D{Msg_spam}"553 ${Msg_master} - Your illegal activities has been reported to your local police for prosecution "
dnl
dnl
LOCAL_RULESETS

##################################################################
#    quanta local rulesets v.1 (MAP_REGEX VERSION) since 1999    #
#    written by dacapo@quanta.kyunghee.ac.kr                     #
#    report your received spam to abuse@quanta.kyunghee.ac.kr    #
#    for future updates of these rulesets :-)                    #
##################################################################

#
# http://www.sendmail.org/~ca/email/doc8.11/op-sh-5.html
#
#	$* Match zero or more tokens
#	$+ Match one or more tokens
#	$- Match exactly one token
#	$=x Match any phrase in class x
#	$~x Match any word not in class x
#

###################################################
#### Local Rulesets (dacapo, 2002/02/12)      #####
###################################################


#
# Reject incoming spam based on "Subject"
# -----------------------------------------------
#
Scheck_subject
R<ADV:$*>		$#error $: ${Msg_adv}
RADV:$*			$#error $: ${Msg_adv}
RADV$*			$#error $: ${Msg_adv}
R[ADV]$*		$#error $: ${Msg_adv}
R<ADV>$*		$#error $: ${Msg_adv}
RADV-ADULT$*		$#error $: ${Msg_adv}
#
#
# These Spams are still getting thru - take um out the hard way
# ----------------------------------
#	#
#	# cannot have spaces in RHS ( tabs only )
#	#
R$*TRUST $*						$#error $: ${Msg_spam}
R$*PLEASE CONFIRM RECEIPT $*				$#error $: ${Msg_spam}
R$*PLEASE READ $*					$#error $: ${Msg_spam}
R$*Urgent Business Proposal $*				$#error $: ${Msg_spam}
R$*Urgent Attention $*					$#error $: ${Msg_spam}
R$*Urgent $*						$#error $: ${Msg_spam}
R$*STRICTLY CONFIDENTIAL $*				$#error $: ${Msg_spam}
R$*CONFIDENTAIL AND PRIVATE $*				$#error $: ${Msg_spam}
R$*REPRESENTATIVE $*					$#error $: ${Msg_spam}
R$*SINCERE ASSOCIATE $*					$#error $: ${Msg_spam}
R$*GOOD DAY $*						$#error $: ${Msg_spam}
R$*ATTENTION $*						$#error $: ${Msg_spam}
R$*ASSISTANCE $*					$#error $: ${Msg_spam}
R$*BUSINESS $*						$#error $: ${Msg_spam}
R$*INHERITTANCE CLAIM $*				$#error $: ${Msg_spam}
R$*HELLO $* 						$#error $: ${Msg_spam}
R$*DEAR FRIEND $*					$#error $: ${Msg_spam}
R$*FROM Mr $*						$#error $: ${Msg_spam}
R$*URGENT REPLY $*					$#error $: ${Msg_spam}
#$*REPLY NEEDED$*					$#error $: ${Msg_spam}
R$*REPLY$*						$#error $: ${Msg_spam}
R$*NEED YOUR HELP$*					$#error $: ${Msg_spam}
R$*CRY FOR HELP$*					$#error $: ${Msg_spam}
R$*Dear Sir$*						$#error $: ${Msg_spam}
R$*custodian $*						$#error $: ${Msg_spam}
R$*AVALIABLE $* INVESTMENT$*				$#error $: ${Msg_spam}
R$*NEXT $* KIN$*					$#error $: ${Msg_spam}
R$AND SON$*						$#error $: ${Msg_spam}
R$i am waiting.$*					$#error $: ${Msg_spam}
R$Prospective Partner$*					$#error $: ${Msg_spam}
R$Offer of Representation$*				$#error $: ${Msg_spam}
R$very important$*					$#error $: ${Msg_spam}
R$reponse needed$*					$#error $: ${Msg_spam}
#
#
R$*failure notice $*					$#error $: ${Msg_spam}
#
R$*Returned mail$* 					$#error $: ${Msg_spam}
R$*message delivery$* 					$#error $: ${Msg_spam}
R$*Mail delivery$* 					$#error $: ${Msg_spam}
R$*Delivery Failure $*					$#error $: ${Msg_spam}
R$*Delivery unsuccesful $				$#error $: ${Msg_spam}
R$*Delivery problems with your mail$* 			$#error $: ${Msg_spam}
#
#  Mail delivery failed: returning message to sender	$#error $: ${Msg_spam}
#  Mail delivery: reception refused			$#error $: ${Msg_spam}
#
R$*Problems delivering$*				$#error $: ${Msg_spam}
#
R$*Failed Mail $*					$#error $: ${Msg_spam}
#
R$*Automated response $*				$#error $: ${Msg_spam}
R$*AUTOMATIC REPLY $*					$#error $: ${Msg_spam}
#
R$*Non-Delivery $*					$#error $: ${Msg_spam}
R$*email account $*					$#error $: ${Msg_spam}
R$*Undeliverable$*					$#error $: ${Msg_spam}
R$*Invalid request $*					$#error $: ${Msg_spam}
#
R$*Acknowledge $* mail $*				$#error $: ${Msg_spam}
#
R$*Your message $*					$#error $: ${Msg_spam}
R$*Your email $*					$#error $: ${Msg_spam}
#
R$*Unable to forward message				$#error $: ${Msg_spam}
#
R$*Reply						$#error $: ${Msg_spam}
#
R$*Returned mail					$#error $: ${Msg_spam}
#  Returned mail: no such user				$#error $: ${Msg_spam}
#  Returned Mail - Error During Delivery		$#error $: ${Msg_spam}
#  Returned mail: see transcript for details		$#error $: ${Msg_spam}
#
R$*Get Back To Me$*					$#error $: ${Msg_spam}
R$*Waiting to hear$*					$#error $: ${Msg_spam}
#
R$*Congratulation$*					$#error $: ${Msg_spam}
R$*Free Gift$*						$#error $: ${Msg_spam}
R$*Grand Prize$*					$#error $: ${Msg_spam}
R$*NOTIFICATION$*					$#error $: ${Msg_spam}
R$*LOTTERY$*						$#error $: ${Msg_spam}
R$*CONGRATULATIONS$*					$#error $: ${Msg_spam}
R$*WINNING NOTICE$*					$#error $: ${Msg_spam}
R$*ANNUAL AWARD WINNER$*				$#error $: ${Msg_spam}
#
R$*work at home $*					$#error $: ${Msg_spam}
R$*REPRESENT OUR COMPANY $*				$#error $: ${Msg_spam}
R$*GREAT PROFITS $*					$#error $: ${Msg_spam}
#
R$*greetings$*						$#error $: ${Msg_spam}
#
#
# R$*medications$*					$#error $: ${Msg_spam}
# R$*pills$*						$#error $: ${Msg_spam}
# R$*delivery$*						$#error $: ${Msg_spam}
#
#
R$*iso-8859$*						$#error $: ${Msg_spam}
#
#
R$*buy $* cheap $*					$#error $: ${Msg_spam}
#
#
#
# Reject incoming spam suspect based on "Content_Type"
# ----------------------------------------------------
#
Scheck_ct
R$*boundary=WC_MAIL_PaRt_BoUnDaRy_05151998	$#error $: ${Msg_mailer}
R$+		$:$(AD2000check $1 $)
# R$*AD2000	$#error $: ${Msg_Bad1}
R$+		$:$(GammaDcheck $1 $)
R$*GammaD	$#error $: ${Msg_master} - SPAMWARE detected

R$+		$:$(KlezCheck $1 $)
R$*Klez		$#error $: ${Msg_master} - Your message may contain the Klez.H worm !!
#
R$+boundary="====_ABC1234567890DEF_===="	$#error $: ${Msg_virus} NIMDA.worm !!!
R$+boundary="====_ABC123456j7890DEF_===="	$#error $: ${Msg_virus} NIMDA.worm !!!
R$+X-Priority$+					$#error $: ${Msg_virus} Aliz.worm !!!
#
R$*Virus found $*				$#error $: ${Msg_virus}
#
#
R$*EUC-KR$*			$#error $: ${Msg_korean}
#
R$*text/plain;$*charset=ks_c_5601-1987	$#error $: ${Msg_korean}
R$*charset=ks_c_5601-1987		$#error $: ${Msg_korean}
R$*charset=euc-kr			$#error $: ${Msg_korean}
#
R$* big5 $*				$#error $: ${Msg_big5}
R$*charset=big5				$#error $: ${Msg_big5}
#
#
# R$*charset=windows-1252			$#error $: ${Msg_french}
#
# R$*charset=""		$#error $: ${Msg_spanish}
R$*charset=windows-1252			$#error $: ${Msg_spanish}
#
#
# it's regular ascii
# R$*charset="iso-8859-1"			$#error $: ${Msg_html}
# R$*charset=iso-8859-1			$#error $: ${Msg_html}
#
# english but still jibberish subject line
R$*iso-8859-1$*				$#error $: ${Msg_spam}
#
# 
# 
# Reject HTML based emails
# ========================
#
R$*text/html$*				$#error $: ${Msg_html}
R$*multipart/related$*			$#error $: ${Msg_html}
R$*multipart/alternative$*		$#error $: ${Msg_html}
R$*multipart/report$*			$#error $: ${Msg_html}
R$*multipart/mixed$*			$#error $: ${Msg_html}
#
#
#
# Reject incoming spam suspect based on "wrong time"
#
### check_date, refer to RFC 822
#
Scheck_date
R$+Standard Time		$#error $: ${Msg_date} 
R$+Daylight Time		$#error $: ${Msg_date}
R$+AM				$#error $: ${Msg_date}
R$+PM				$#error $: ${Msg_date}
R$+ $-:$-:$-			$#error $: ${Msg_date}
#
#
# Reject incoming spam suspect based on "bulk-mailer advertising itself"
#
Scheck_mailer
RLightningMail$+		$#error $: ${Msg_mailer}
RMailKing$+ 			$#error $: ${Msg_mailer}
R<WC Mail>			$#error $: ${Msg_mailer}
RWC Mail $+			$#error $: ${Msg_mailer}
R<Microsoft Outlook Express $+>	$#error $: ${Msg_mailer}
RMail Bomber			$#error $: ${Msg_mailer}
RThe Bat! $+			$#error $: ${Msg_mailer}
RThe Red Spider $+		$#error	$: ${Msg_mailer}
R$+emsoft$+			$#error $: ${Msg_mailer}
RMegaMail $+			$#error $: ${Msg_mailer}
RDiffondiCool$*			$#error $: ${Msg_mailer}
REasy Mail$*			$#error $: ${Msg_mailer}
RSimpleX Mailer $+		$#error $: ${Msg_mailer}
R$*NetPIMS$+			$#error $: ${Msg_mailer}
RWay-SERIES Mailer $+		$#error $: ${Msg_mailer}
RPG-MAILINGLIST PRO $+		$#error $: ${Msg_mailer}
RMIME::Lite $+			$#error $: ${Msg_mailer}
RMailtouch $+			$#error $: ${Msg_mailer}
RImoxion MailExpress API $+	$#error $: ${Msg_mailer}
RDavinci Address Mailer $+	$#error $: ${Msg_mailer}
RMerge & Group Mailer Version$+	$#error $: ${Msg_mailer}
REVAMAIL $+			$#error $: ${Msg_mailer}
RMMailer $+			$#error $: ${Msg_mailer}
Rmyself2			$#error $: ${Msg_mailer}
Rusa7777@msn.com		$#error $: ${Msg_mailer}
RNMK Mailer $+			$#error $: ${Msg_mailer}
RMicrosoft Outloo		$#error $: ${Msg_mailer}
RMMSLight $+			$#error $: ${Msg_mailer}
RLeoric-Mail $+			$#error $: ${Msg_mailer}
# 
#
# Reject incoming spam suspect based on OLE
#
Scheck_ole
RProduced By Microsoft MimeOLE V(null).$*	$#error $: ${Msg_mime}
#
#
#
# Reject incoming spam suspect based on "MessageIDs"
# ---------------------------------------------------
#
Scheck_msgid
R< $-.$-.$- @ localhost >	$#error $: ${Msg_mailer}
R<bulk.$-.$- @ $+>		$#error $: ${Msg_mailer}
R<$-.$-.$- $u@$h>		$#error $: ${Msg_mailer}
R< $+ @ $+ >			$@ OK
R$*				$#error $: ${Msg_header}
#
#
# Reject incoming spam suspect based on "happy virus"
#
Scheck_happy99
R$*	$#error $: ${Msg_virus} Happy99 virus
# 
#
# default catch all
#
Scheck_all
# R$*	$#error $: 553 We do not accept mail from spammers - ${Msg_master}
R$*	$#error $: 553 ${Msg_master} - We do not accept mail from spammers
#
#
# Reject incoming spam suspect based on non-existent "To:"
#
Scheck_to
Ranonymous@$j			$#error $: ${Msg_mailer}
R$@				$#error	$: No reciepient specified
R<Undisclosed.Recipients@$j>	$#error $: ${Msg_mailer}
RUndisclosed.Recipients@$j	$#error $: ${Msg_mailer}
R<Undisclosed.Recipients>	$#error $: ${Msg_mailer}
RUndisclosed.Recipients		$#error $: ${Msg_mailer}
#
# Ranonymous@$j			$#error $: ${Msg_badto}
#
#
# R$* alvin $* alvin $* alvin 		$#error $: ${Msg_toomany}
#
R$* alvin $* alvin $* alvin 		$#error $: ${Msg_mailer}
#
#
Rg_op@163.com			$#error $: ${Msg_virus} W32/Gop.worm
# 
# 
# 
## xx #
## xx # Reject incoming spam suspect based on ??
## xx #
Scheck_xuser
R$-.$-		$#error $: ${Msg_mailer}
# 
#
Scheck_sircam
RMultipart message	$#error $: 550 ${Msg_virus} Sircam.worm !!!
# 
#
Scheck_xlib
RWincusSMTP $+			$#error $: ${Msg_mailer} 
RIndy $+			$#error $: ${Msg_mailer}
#
#
# Reject incoming spam suspect based on "cant return emails to a mua"
#
Scheck_errto
RMicrosoft.Outlook.Express.$+@$+	$#error $: ${Msg_mailer}
# 
divert(0)

dnl
#
# end of modified quanta.m4 aka header_chk.m4 aka linux-sec.m4 file